IS-IS Subnetwork Independent Operation
Continuing our journey through the land of IS-IS and hoping to reach the point where we get to understand how it actually works and the differences between it and OSPF, let’s focus today on how IS-IS is configured and why it uses both Levels and Areas.
So far, we’ve cleared up a few things: where that odd node addressing scheme for the routers comes from, what CLNS and CLNP are, and a few words on the hierarchy that IS-IS employs. To take things further, let’s go a bit deeper into the structure of the protocol itself.
The thing with IS-IS is that it is Network layer independent, though the first thing we tend to do when configuring it is jump to the IP addressing. Consequently, today we’ll see how OSI IS-IS works without configuring a single IP address; once we understand this, we can move on to Integrated IS-IS operation.
From a really high level, IS-IS operates as follows:
- Routers running IS-IS will send hello packets out all IS-IS-enabled interfaces to discover neighbors and establish adjacencies.
- Routers sharing a common data link will become IS-IS neighbors if their hello packets contain information that meets the criteria for forming an adjacency. These criteria will be revisited in a later section.
- Routers may build a link-state packet (LSP) based upon their local interfaces that are configured for IS-IS.
- Routers flood LSPs to all adjacent neighbors except the neighbor from which they received the same LSP (with some restrictions we’ll see).
- All routers will construct their link-state database from the LSPs.
- A shortest-path tree (SPT) is calculated by each IS.
Why does IS-IS have both levels and areas?
The main reason both areas and levels exist is that area boundaries are on the links, not on the routers themselves, so there had to be a mechanism to differentiate between an adjacency established between two routers in the same area and one established between two routers in different areas.
To recall, an IS-IS router usually has only one NET (NSAP with the N-SEL = 0x00) so it is part of only one area at a time. This IS-IS router can be adjacent with routers in the same area and with routers in different areas. To be able to establish an adjacency with a router in the same area, the IS must be at least Level 1. For adjacencies with ISs in other areas, the router must be Level 2 capable. By default, with Cisco IOS and JunOS, the router is L1/L2 capable, meaning that it can become adjacent with other ISs at both levels.
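The rule above, as an added example that is not part of the original article: it splits a NET into area, system ID and N-SEL and works out at which levels two directly connected ISs can become adjacent. It assumes one NET per router and uses the NETs configured for IS1, IS2 and IS3 further down this page; the function names are hypothetical.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Net:
    area: str       # everything in front of the system ID
    system_id: str  # always 6 bytes
    nsel: str       # always 1 byte, 00 for a NET

def _group(hexdigits, first):
    """Dot-separate hex digits: optional short first group, then 4-digit groups."""
    parts = [hexdigits[:first]] if first else []
    rest = hexdigits[first:]
    parts += [rest[i:i + 4] for i in range(0, len(rest), 4)]
    return ".".join(parts)

def parse_net(text):
    digits = text.replace(".", "").lower()
    # An NSAP is 8..20 bytes: at least 1 area byte + 6 system ID bytes + N-SEL.
    if not re.fullmatch(r"(?:[0-9a-f]{2}){8,20}", digits):
        raise ValueError(f"not an 8..20 byte NSAP: {text!r}")
    if digits[-2:] != "00":
        raise ValueError("a NET must have N-SEL 00")
    return Net(area=_group(digits[:-14], 2),
               system_id=_group(digits[-14:-2], 0),
               nsel=digits[-2:])

def adjacency_levels(net_a, type_a, net_b, type_b):
    """Levels at which two directly connected ISs can become adjacent.
    type_* is 'L1', 'L2' or 'L1L2' (L1L2 is the default described above)."""
    for t in (type_a, type_b):
        if t not in ("L1", "L2", "L1L2"):
            raise ValueError(f"unknown is-type: {t!r}")
    a, b = parse_net(net_a), parse_net(net_b)
    levels = set()
    if "L1" in type_a and "L1" in type_b and a.area == b.area:
        levels.add("L1")   # L1 needs both ends L1-capable and in the same area
    if "L2" in type_a and "L2" in type_b:
        levels.add("L2")   # L2 only needs both ends L2-capable
    return levels

if __name__ == "__main__":
    is1 = "49.0000.0001.0101.0101.0101.00"
    is2 = "49.0000.0001.0202.0202.0202.00"
    is3 = "49.0000.0002.0303.0303.0303.00"
    print(parse_net(is1))
    print(adjacency_levels(is1, "L1L2", is2, "L1L2"))  # same area
    print(adjacency_levels(is2, "L1L2", is3, "L1L2"))  # different areas
```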
The thing is that you can’t learn something until you actually do it. So let’s see this happening.
Note1: The example is based on Cisco, but there’s not much difference in this with JunOS (I will be dedicating a bunch of articles to doing things on JunOS as well).
Note2: The term LSP (Link State Packet) we’ll be using is similar to the OSPF LSA. The difference is that there are only 2 types of LSPs for each Level, meaning L1-non-pseudonode, L1-pseudonode, L2-non-pseudonode, L2-pseudonode. We’ll see that the pseudonode LSPs are similar to the Network LSA generated by the DR in OSPF.
Let’s be neighbors!
Topology 1.1. – Basics
We want them both in the same area, so pretty much the only thing IS-IS needs to start is configuring the NETs and enabling routing for CLNS.
IS1# show run | section router isis
router isis
net 49.0000.0001.0101.0101.0101.00
IS2# show run | section router isis
router isis
net 49.0000.0001.0202.0202.0202.00
IS1(config-if)# clns router isis
IS2(config-if)# clns router isis
That’s it! Let’s see how it works:
- Viewing neighbors
IS1#sh isis neigh
System Id Type Interface IP Address State Holdtime Circuit Id
IS2 L1 Fa0/0 UP 9 IS2.01
IS2 L2 Fa0/0 UP 10 IS2.01
IS2#sh isis neigh
System Id Type Interface IP Address State Holdtime Circuit Id
IS1 L1 Fa0/0 UP 24 IS2.01
IS1 L2 Fa0/0 UP 26 IS2.01
- Viewing the database
IS1#sh isis data
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS1.00-00 * 0x0000000A 0x38C8 1158 0/0/0
IS2.00-00 0x00000006 0xF007 1152 0/0/0
IS2.01-00 0x00000002 0xEA4C 1153 0/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS1.00-00 * 0x00000009 0x2274 1158 0/0/0
IS2.00-00 0x00000007 0xF49C 1156 0/0/0
IS2.01-00 0x00000003 0x7846 1153 0/0/0
IS2#sh isis database
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS1.00-00 0x0000000A 0x38C8 1195 0/0/0
IS2.00-00 * 0x00000006 0xF007 1193 0/0/0
IS2.01-00 * 0x00000002 0xEA4C 1194 0/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS1.00-00 0x00000009 0x2274 1195 0/0/0
IS2.00-00 * 0x00000007 0xF49C 1197 0/0/0
IS2.01-00 * 0x00000003 0x7846 1194 0/0/0
What is there to understand:
- There are two adjacencies established between IS1 and IS2, one for each Level of routing
- As the Ethernet links are multi-access by default, a DIS (Designated Intermediate System) is elected. This is similar to the DR in OSPF except that there is no BDIS (BDR) chosen.
- The DIS generates the PSEUDONODE LSP, which can be easily spotted. There is one DIS for the Level1 routing and one for the Level2 routing. By default, the same IS gets both roles as no priorities have been modified. We can see below that the LSP is very much similar to the Network LSA in OSPF.
- The Circuit ID in the neighbor table is actually the ID of the DIS
IS1#show isis database l1 IS2.01-00 detail
IS-IS Level-1 LSP IS2.01-00
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS2.01-00 0x00000003 0xE84D 1192 0/0/0
Metric: 0 IS IS2.00
Metric: 0 IS IS1.00
IS1#show isis database l2 IS2.01-00 detail
IS-IS Level-2 LSP IS2.01-00
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS2.01-00 0x00000004 0x7647 1148 0/0/0
Metric: 0 IS IS2.00
Metric: 0 IS IS1.00
Let’s change IS3’s priority and let IS2 become the DIS (default LAN priority is 64!):
IS3(config)#int fa1/0
IS3(config-if)#isis priority 3
Now, IS2 is the new DIS, as it is the one generating the Pseudonode LSP IS2.01-00:
IS3#sh isis data
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS3.00-00 * 0x00000003 0x0B7D 1191 1/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS1.00-00 0x00000002 0x148A 808 0/0/0
IS2.00-00 0x00000004 0x53A4 1170 0/0/0
IS2.01-00 0x00000001 0x8B29 1171 0/0/0
IS3.00-00 * 0x00000004 0xD2B9 1173 0/0/0
Topology 1.2: Changing the network type
Let’s first change the network type to p2p:
IS1#sh run int fa0/0
—output omitted—
clns router isis
isis network point-to-point
IS2#sh run int fa0/0
—output omitted—
clns router isis
isis network point-to-point
The neighborship slightly changed now:
IS1#sh isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
IS2 L1L2 Fa0/0 UP 27 00
IS2#sh isis neigh
System Id Type Interface IP Address State Holdtime Circuit Id
IS1 L1L2 Fa0/0 UP 20 00
And the database as well:
IS1#sh isis data
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS1.00-00 * 0x0000000C 0x18E7 1159 0/0/0
IS2.00-00 0x00000008 0x3DBF 1155 0/0/0
IS2.01-00 0x00000002 0x7974 0 (1157) 0/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS1.00-00 * 0x0000000B 0x0293 1158 0/0/0
IS2.00-00 0x00000009 0x4155 1156 0/0/0
IS2.01-00 0x00000003 0x7775 0 (1158) 0/0/0
IS2#sh isis data
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS1.00-00 0x0000000C 0x18E7 1193 0/0/0
IS2.00-00 * 0x00000008 0x3DBF 1192 0/0/0
IS2.01-00 * 0x00000002 0x7974 0 (1181) 0/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS1.00-00 0x0000000B 0x0293 1192 0/0/0
IS2.00-00 * 0x00000009 0x4155 1192 0/0/0
IS2.01-00 * 0x00000003 0x7775 0 (1181) 0/0/0
Things to understand:
- on a point-to-point network type, only one adjacency is maintained for both routing levels.
- once the pseudonode LSP ages out, only the non-pseudonode LSPs will remain in the database, so there is no DIS on the point-to-point network
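The two observations made so far (a non-zero pseudonode ID in the LSPID identifies the DIS, and on point-to-point links the pseudonode LSP sits at holdtime 0 until it leaves the database) can be checked mechanically. This is an added example, not part of the original article: a parser for the `show isis database` output shown above, with hypothetical function names and a sample copied from the IS1 point-to-point output.

```python
import re

LEVEL_RE = re.compile(r"IS-IS Level-(\d) Link State Database")
LSP_RE = re.compile(
    r"^(?P<sys>\S+)\.(?P<pn>[0-9A-Fa-f]{2})-(?P<frag>[0-9A-Fa-f]{2})\s*(?P<local>\*)?"
    r"\s+(?P<seq>0x[0-9A-Fa-f]+)\s+0x[0-9A-Fa-f]+"
    r"\s+(?P<hold>\d+)(?:\s*\(\d+\))?\s+(?P<att>[01])/[01]/[01]$")

def parse_lsdb(text):
    """Return one dict per LSP row, tagged with the level it was listed under."""
    level, lsps = None, []
    for line in map(str.strip, text.splitlines()):
        header = LEVEL_RE.search(line)
        if header:
            level = int(header.group(1))
            continue
        m = LSP_RE.match(line)
        if m and level is not None:
            lsps.append({"level": level, "system": m["sys"],
                         "pseudonode": int(m["pn"], 16),  # non-zero: built by a DIS
                         "local": m["local"] == "*", "seq": int(m["seq"], 16),
                         "holdtime": int(m["hold"]), "att": m["att"] == "1"})
    return lsps

def dis_by_level(lsps):
    """Map level -> IDs of pseudonode LSPs that are still live (holdtime > 0)."""
    found = {}
    for lsp in lsps:
        if lsp["pseudonode"] and lsp["holdtime"] > 0:
            found.setdefault(lsp["level"], []).append(
                f'{lsp["system"]}.{lsp["pseudonode"]:02X}')
    return found

def aging_out(lsps):
    """(level, system, pseudonode) for every LSP whose holdtime has reached 0."""
    return [(l["level"], l["system"], l["pseudonode"]) for l in lsps if l["holdtime"] == 0]

# Sample copied from the IS1 output above, after the change to point-to-point.
P2P_SAMPLE = """\
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS1.00-00 * 0x0000000C 0x18E7 1159 0/0/0
IS2.00-00 0x00000008 0x3DBF 1155 0/0/0
IS2.01-00 0x00000002 0x7974 0 (1157) 0/0/0
IS-IS Level-2 Link State Database:
IS1.00-00 * 0x0000000B 0x0293 1158 0/0/0
IS2.00-00 0x00000009 0x4155 1156 0/0/0
IS2.01-00 0x00000003 0x7775 0 (1158) 0/0/0
"""

if __name__ == "__main__":
    lsps = parse_lsdb(P2P_SAMPLE)
    print(dis_by_level(lsps), aging_out(lsps))
```

Fed the Topology 1.1 output instead, `dis_by_level` reports IS2.01 at both levels, which matches the Circuit ID in the neighbor table.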
Topology 1.3: Adding one more IS
If we add IS3 into the scheme, in a different area (don’t forget to enable clns on the link between IS2 and IS3):
IS3#show run | s router isis
router isis
net 49.0000.0002.0303.0303.0303.00
IS3#sh isis neighbors detail
System Id Type Interface IP Address State Holdtime Circuit Id
IS2 L2 Fa1/0 UP 29 IS3.01
Area Address(es): 49.0000.0001
SNPA: ca02.e783.001c
State Changed: 00:09:34
LAN Priority: 64
Format: Phase V
Remote TID: 0
Local TID: 0
Interface name: FastEthernet1/0
IS3#sh isis data
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS3.00-00 * 0x00000003 0x0B7D 876 1/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS1.00-00 0x0000000F 0xF997 787 0/0/0
IS2.00-00 0x0000000E 0x6285 868 0/0/0
IS3.00-00 * 0x00000003 0x681F 870 0/0/0
IS3.01-00 * 0x00000001 0x0AA4 871 0/0/0
Things to understand:
- Between IS2 and IS3 there is only an L2 adjacency which makes perfect sense as they are in different areas
- We added the detail keyword, so that we can see detailed info on the neighbors
- IS3 still generates its L1 non-pseudonode LSP, even though it has no L1 adjacency
- For Level 2, IS3 becomes the DIS, so it generates the L2 pseudonode LSP (01-00), as well as its L2 non-pseudonode LSP (IS3.00-00)
IS3#sh isis data l2 IS3.01-00 det
IS-IS Level-2 LSP IS3.01-00
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
IS3.01-00 * 0x00000001 0x0AA4 648 0/0/0
Metric: 0 IS IS3.00
Metric: 0 IS IS2.00
Now let’s see the topology from IS1’s perspective:
IS1#sh isis topology
IS-IS TID 0 paths to level-1 routers
System Id Metric Next-Hop Interface SNPA
IS1 —
IS2 10 IS2 Fa0/0 ca02.e783.0000
IS-IS TID 0 paths to level-2 routers
System Id Metric Next-Hop Interface SNPA
IS1 —
IS2 10 IS2 Fa0/0 ca02.e783.0000
IS3 20 IS2 Fa0/0 ca02.e783.0000
Things to understand:
- Default metric for an interface is 10.
- You may notice the interface on which each neighbor is reachable and the SNPA (Sub-Network Point of Attachment), which is the same for all routers. The SNPA is the address used by IS1 to reach IS2 and IS3. Can you guess what exactly it is? It’s actually the MAC address of IS2’s interface towards IS1. You can check that, and also let’s see the topology on IS2 (the middle router):
IS2#sh isis topology
IS-IS TID 0 paths to level-1 routers
System Id Metric Next-Hop Interface SNPA
IS1 10 IS1 Fa0/0 ca01.e782.0000
IS2 —
IS-IS TID 0 paths to level-2 routers
System Id Metric Next-Hop Interface SNPA
IS1 10 IS1 Fa0/0 ca01.e782.0000
IS2 —
IS3 10 IS3 Fa1/0 ca03.e785.001c
IS2 uses IS3’s interface MAC address to reach IS3 and IS1’s interface MAC address to reach IS1.
- The database is split between the two levels, L1-DB and L2-DB. There is no info about the area though, so you may interpret the database as the “L1-DB-for-the-area-I-am-in” and “L2-DB-that-helps-connect-the-area-I-am-in-with-other-areas”.
- What’s with the ATT/P/OL? ATT is the attached bit, which signals the attachment of the router to the L2 backbone. The P bit (Partition) signals that the router is partition-repair capable, a feature that is not supported by the Cisco implementation of IS-IS. The OL bit (Overload) is similar to the OSPF max-metric feature: setting the maximum metric in the LSA/LSP to maintain adjacencies but remove the node from the data path.
Topology 1.4: More complex, just to understand L1/L2 routing
It’s easy to build areas when all routers are by default L1/L2 capable. But what if we need to optimize that and reduce the IS-IS processing on each router? Then we would need to disable L2 capability where it is not needed. For example, considering the design below, the L1, L2 and L1/L2 routers are:
First, let’s see why I chose them like this:
- IS1: pseudo-leaf node (not leaf due to the connection to IS2), does not need L2 support
- IS2: same as IS1
- IS3: connects to IS6 in Area 2 so needs L2 support
- IS5: connects to IS8 in Area 3 so needs L2 support
- IS4: has no L1-only neighbor so it can be L2-only. It will establish L2 adjacency to IS3 and IS5
- IS6: has 2 connections to 2 different areas and a connection to IS7 which is L1-only so it needs to be L1/L2
- IS8: same as IS6
- IS12: prerequisite to be L2 only
- IS10: has a link to an L2-only IS and to an L1-only IS so it needs to be L1/L2
Now, can you spot an issue? Well, we mentioned that an L1 IS will always use the closest L2-capable IS to route outside its area, right? Let’s say IS1 needs to get to IS8, and it has two available paths:
- IS1-IS2-IS5-IS8-IS9
- IS1-IS3-IS5-IS5-IS8-IS9
The path chosen will not be the shortest, because IS2 is not a Level2-capable IS. So the second path will be the one employed, which is clearly sub-optimal.
The reason for IS1’s behavior is that it does not know routes from other areas. It only knows that the L2-capable routers in its area are “Attached” to the L2 core, so it will route to the closest one to get out of the area in which it resides.
Now, how will the return traffic flow? This time, the shortest path will be taken, via IS9-IS8-IS5-IS2-IS1. This happens because L2-capable router IS5 has all the info in Area 1 so it knows that to get to IS1, the shortest path is via IS2.
To be continued…
Cheers!